Retrieves anomaly records for a job.
desc
end
exclude_interim
page
from
size
record_score
sort
anomaly_score
value.
start
The API returns the following information:
records
You must have monitor_ml, monitor, manage_ml, or manage cluster privileges to use this API. You also need read index privilege on the index that stores the results. The machine_learning_admin and machine_learning_user roles provide these privileges. For more information, see Security Privileges and Built-in Roles.
The following example gets record information for the it-ops-kpi job:

GET _ml/anomaly_detectors/it-ops-kpi/results/records
{
  "sort": "record_score",
  "desc": true,
  "start": "1454944100000"
}
In this example, the API returns twelve results for the specified time constraints:
{
  "count": 12,
  "records": [
    {
      "job_id": "it-ops-kpi",
      "result_type": "record",
      "probability": 0.00000332668,
      "record_score": 72.9929,
      "initial_record_score": 65.7923,
      "bucket_span": 300,
      "detector_index": 0,
      "is_interim": false,
      "timestamp": 1454944200000,
      "function": "low_sum",
      "function_description": "sum",
      "typical": [ 1806.48 ],
      "actual": [ 288 ],
      "field_name": "events_per_min"
    },
    ...
  ]
}
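The following Python sketch is an added example, not part of the original documentation. It builds the request body from the parameters listed above, pages through the response using count, and reduces each record to the fields used for triage. The send callable, fake_send and all sample records except the first are assumptions constructed so the code runs offline.

```python
from datetime import datetime, timezone

def records_request(job_id, start_ms, min_score, offset=0, size=100):
    """Build (path, body) from the request parameters listed on this page."""
    body = {"sort": "record_score", "desc": True, "start": str(start_ms),
            "record_score": min_score, "exclude_interim": True,
            "page": {"from": offset, "size": size}}
    return f"_ml/anomaly_detectors/{job_id}/results/records", body

def fetch_all(send, job_id, start_ms, min_score, size=100):
    """Page until `count` records are read. `send(path, body)` is a
    caller-supplied transport (assumption) returning the parsed response."""
    out, offset = [], 0
    while True:
        resp = send(*records_request(job_id, start_ms, min_score, offset, size))
        out.extend(resp["records"])
        offset += size
        if not resp["records"] or offset >= resp["count"]:
            return out

def summarize(rec):
    """Reduce one record to the fields an analyst triages on."""
    ts = datetime.fromtimestamp(rec["timestamp"] / 1000, tz=timezone.utc)
    return {"time": ts.isoformat(), "function": rec["function"],
            "field": rec.get("field_name"), "score": rec["record_score"],
            "actual": rec["actual"][0], "typical": rec["typical"][0]}

# Constructed sample data: the first record is the one shown on this page,
# the other three are made up to exercise filtering and paging.
_BASE = {"job_id": "it-ops-kpi", "function": "low_sum", "field_name": "events_per_min"}
SAMPLE = [
    dict(_BASE, record_score=72.9929, is_interim=False, timestamp=1454944200000, typical=[1806.48], actual=[288]),
    dict(_BASE, record_score=61.0, is_interim=True, timestamp=1454944500000, typical=[1800.0], actual=[410]),
    dict(_BASE, record_score=55.5, is_interim=False, timestamp=1454944800000, typical=[1795.2], actual=[520]),
    dict(_BASE, record_score=12.0, is_interim=False, timestamp=1454945100000, typical=[1790.0], actual=[1400]),
]

def fake_send(path, body):
    """Offline stand-in for the cluster: applies the body's filters to SAMPLE."""
    hits = [r for r in SAMPLE
            if r["record_score"] >= body["record_score"]
            and r["timestamp"] >= int(body["start"])
            and not (body["exclude_interim"] and r["is_interim"])]
    hits.sort(key=lambda r: r[body["sort"]], reverse=body["desc"])
    p = body["page"]
    return {"count": len(hits), "records": hits[p["from"]:p["from"] + p["size"]]}

if __name__ == "__main__":
    for rec in fetch_all(fake_send, "it-ops-kpi", 1454944100000, 50, size=1):
        print(summarize(rec))
```

Replace fake_send with a function that issues the GET request using credentials that hold the privileges described above.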